Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d6680c-2ff3-4db5-9702-7d348cca1d20/1/hZ_9pE4PELTMxLQiug3Mzj3JiQE.roa
File:                     hZ_9pE4PELTMxLQiug3Mzj3JiQE.roa (raw, json)
Hash identifier:          PqlwUnZdSVkgk3KVswHYJ987ubaIk74LGVe27eeWtVk=
Subject key identifier:   85:9F:FD:A4:4E:0F:10:B4:CC:C4:B4:22:BA:0D:CC:CE:3D:C9:89:01
Certificate issuer:       /CN=0abd7ddce4fd703bc3fbcafc1b5d577e1a757575
Certificate serial:       018CC5DC28D4773EFF72293744EDB45C393B
Authority key identifier: 0A:BD:7D:DC:E4:FD:70:3B:C3:FB:CA:FC:1B:5D:57:7E:1A:75:75:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cr193OT9cDvD-8r8G11Xfhp1dXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d6680c-2ff3-4db5-9702-7d348cca1d20/1/hZ_9pE4PELTMxLQiug3Mzj3JiQE.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34428
IP address blocks:        193.41.57.0/24 maxlen: 24
                          2a06:7d40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d6680c-2ff3-4db5-9702-7d348cca1d20/1/Cr193OT9cDvD-8r8G11Xfhp1dXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d6680c-2ff3-4db5-9702-7d348cca1d20/1/Cr193OT9cDvD-8r8G11Xfhp1dXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cr193OT9cDvD-8r8G11Xfhp1dXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 07:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:28:d4:77:3e:ff:72:29:37:44:ed:b4:5c:39:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0abd7ddce4fd703bc3fbcafc1b5d577e1a757575
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=859ffda44e0f10b4ccc4b422ba0dccce3dc98901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:91:3a:e8:e6:09:52:be:d3:8e:b5:dc:95:07:
                    29:b9:57:3d:17:33:45:07:6c:d4:9d:b8:f2:af:b2:
                    b0:1a:4b:fd:c4:b1:2e:75:1c:24:1a:5f:5b:e8:9b:
                    b2:e0:28:98:84:f8:09:cc:06:a8:4a:41:4c:e3:24:
                    db:23:d2:27:c7:6c:91:cc:48:8b:fb:9b:9a:7b:32:
                    fe:89:ff:4b:d8:76:8d:e5:2e:a5:b6:38:e0:05:5b:
                    b6:a2:e5:ae:7e:6e:f9:aa:90:b1:cd:ae:8b:af:94:
                    14:b4:df:a9:e8:0b:81:98:c0:ed:a5:ae:96:dc:58:
                    d5:16:37:dc:d7:8c:65:0b:72:06:63:aa:ac:60:bf:
                    f8:d3:bf:da:d1:49:db:ac:59:3f:94:b6:87:00:be:
                    2e:c5:9f:9f:43:f9:24:d2:b5:0c:36:ff:e6:7a:3b:
                    c9:d6:6a:e5:39:38:dd:6b:b8:74:83:ad:48:7a:5e:
                    0c:9e:99:12:59:55:55:7f:19:3d:b9:46:4f:90:d5:
                    93:8b:6e:ce:d4:b7:b4:62:9c:bb:c6:a9:02:9b:74:
                    99:27:09:3a:f8:2b:e6:2f:16:fe:71:ea:68:b2:66:
                    ac:2f:ad:d6:6b:38:74:78:a4:5f:cf:bc:26:c0:a2:
                    ee:5d:34:fb:48:dd:fa:bc:ef:fe:0d:2b:76:3c:66:
                    a2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:9F:FD:A4:4E:0F:10:B4:CC:C4:B4:22:BA:0D:CC:CE:3D:C9:89:01
            X509v3 Authority Key Identifier:
                keyid:0A:BD:7D:DC:E4:FD:70:3B:C3:FB:CA:FC:1B:5D:57:7E:1A:75:75:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cr193OT9cDvD-8r8G11Xfhp1dXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d6680c-2ff3-4db5-9702-7d348cca1d20/1/hZ_9pE4PELTMxLQiug3Mzj3JiQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d6680c-2ff3-4db5-9702-7d348cca1d20/1/Cr193OT9cDvD-8r8G11Xfhp1dXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.57.0/24
                IPv6:
                  2a06:7d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:f7:32:cd:11:69:ed:c3:4b:23:92:5d:59:8f:9a:62:6a:d4:
         c5:85:b2:f4:b3:3d:39:5c:62:74:91:b5:6e:fa:2a:7a:69:30:
         99:a9:9f:c6:cd:f6:44:2e:e9:13:47:5d:2a:b9:ee:a0:4a:6a:
         c4:24:f7:56:5a:de:a7:fc:65:eb:32:57:23:19:48:ed:92:f0:
         9f:27:93:c8:e9:5b:a8:59:62:eb:04:7a:59:90:c3:c7:15:bd:
         29:c7:ae:91:f5:64:e3:64:56:ea:42:06:1b:a3:94:d4:3c:e8:
         f9:be:b7:82:c4:86:6c:a9:1b:9a:d5:0d:6a:57:a8:3f:3b:36:
         14:dc:30:bb:79:9a:4f:7e:de:34:1c:4d:eb:66:ef:a2:5c:bf:
         ae:15:2a:2e:ae:f3:ae:00:fe:7c:e1:79:a6:b0:11:16:d5:4d:
         76:31:03:d6:8e:9b:14:db:39:87:a8:2b:6f:ff:7c:68:6c:f4:
         26:bc:28:8b:10:64:ef:cb:57:0a:70:be:56:20:1d:a2:21:6c:
         e9:71:d8:4c:1a:db:df:c9:ca:48:c9:b6:d1:30:d6:f1:d7:84:
         22:6d:70:36:17:ce:d4:ae:4c:9b:65:7d:6a:9a:70:fd:21:f6:
         71:f9:d7:f3:90:05:8d:c6:3a:e3:ab:03:41:1d:b6:24:10:28:
         4b:af:9d:19
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3CjUdz7/cik3RO20XDk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhYmQ3ZGRjZTRmZDcwM2JjM2ZiY2FmYzFiNWQ1NzdlMWE3
NTc1NzUwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTlmZmRhNDRlMGYxMGI0Y2NjNGI0MjJiYTBkY2NjZTNkYzk4OTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZE66OYJUr7TjrXclQcpuVc9FzNF
B2zUnbjyr7KwGkv9xLEudRwkGl9b6Juy4CiYhPgJzAaoSkFM4yTbI9Inx2yRzEiL
+5uaezL+if9L2HaN5S6ltjjgBVu2ouWufm75qpCxza6Lr5QUtN+p6AuBmMDtpa6W
3FjVFjfc14xlC3IGY6qsYL/407/a0UnbrFk/lLaHAL4uxZ+fQ/kk0rUMNv/mejvJ
1mrlOTjda7h0g61Iel4MnpkSWVVVfxk9uUZPkNWTi27O1Le0Ypy7xqkCm3SZJwk6
+CvmLxb+ceposmasL63Wazh0eKRfz7wmwKLuXTT7SN36vO/+DSt2PGaiVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIWf/aRODxC0zMS0IroNzM49yYkBMB8GA1UdIwQY
MBaAFAq9fdzk/XA7w/vK/BtdV34adXV1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3IxOTNPVDljRHZELThyOEcxMVhmaHAxZFhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kNjY4MGMtMmZmMy00ZGI1LTk3MDIt
N2QzNDhjY2ExZDIwLzEvaFpfOXBFNFBFTFRNeExRaXVnM016ajNKaVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kNjY4MGMtMmZmMy00ZGI1LTk3MDItN2QzNDhjY2ExZDIw
LzEvQ3IxOTNPVDljRHZELThyOEcxMVhmaHAxZFhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSk5MA0E
AgACMAcDBQMqBn1AMA0GCSqGSIb3DQEBCwUAA4IBAQCa9zLNEWntw0sjkl1Zj5pi
atTFhbL0sz05XGJ0kbVu+ip6aTCZqZ/GzfZELukTR10que6gSmrEJPdWWt6n/GXr
MlcjGUjtkvCfJ5PI6VuoWWLrBHpZkMPHFb0px66R9WTjZFbqQgYbo5TUPOj5vreC
xIZsqRua1Q1qV6g/OzYU3DC7eZpPft40HE3rZu+iXL+uFSourvOuAP584XmmsBEW
1U12MQPWjpsU2zmHqCtv/3xobPQmvCiLEGTvy1cKcL5WIB2iIWzpcdhMGtvfycpI
ybbRMNbx14QibXA2F87UrkybZX1qmnD9IfZx+dfzkAWNxjrjqwNBHbYkEChLr50Z
-----END CERTIFICATE-----